Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

opensc-0.25.1-1.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: opensc Distribution: openSUSE Tumbleweed
Version: 0.25.1 Vendor: openSUSE
Release: 1.1 Build date: Fri Apr 5 20:54:38 2024
Group: Productivity/Security Build host: reproducible
Size: 4271841 Source RPM: opensc-0.25.1-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/OpenSC/OpenSC/wiki
Summary: Smart Card Utilities
OpenSC provides a set of utilities to access smart cards. It mainly
focuses on cards that support cryptographic operations. It facilitates
their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11
API. Applications supporting this API, such as Mozilla Firefox and
Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims
to be compatible with every software that does so, too.

Before purchasing any cards, please read carefully documentation on the
web pageonly some cards are supported. Not only card type matters, but
also card version, card OS version and preloaded applet. Only subset of
possible operations may be supported for your card. Card initialization
may require third party proprietary software.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Fri Apr 05 2024 Martin Hauke <mardnh@gmx.de>
  - Update to verion 0.25.1
    General improvements
    * Add missing file to dist tarball to build documentation.
    minidriver
    * Fix RSA decryption with PKCS#1 v1.5 padding.
    * Fix crash when app is not set.
* Wed Mar 13 2024 Martin Hauke <mardnh@gmx.de>
  - Build with support for libeac (OpenPACE)
* Sat Mar 09 2024 Martin Hauke <mardnh@gmx.de>
  - Update to version 0.25.0
    Security
    * CVE-2023-5992: Fix Side-channel leaks while stripping
      encryption PKCS#1.5 padding in OpenSC.
    * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
      during card enrollment in pkcs15init.
    General improvements
    * Remove support for old card drivers Akis, GPK, Incrypto34 and
      Westcos, disable Cyberflex driver.
    * Fix 64b to 32b conversions.
    * Improvements for the p11test.
    * Fix reader initialization without SCardControl.
    * Make RSA PKCS#1 v1.5 depadding constant-time.
    * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
      on the card.
    * Fixed various issues reported by OSS-Fuzz and Coverity in
      drivers, PKCS#11 and PKCS#15 layer.
  - Add patch:
    * opensc-docbook-xsl-fix.patch
  - Drop not longer needed patches:
    * CVE-2024-1454.patch
  - Introduce subpackage for bash-completion
* Sun Feb 25 2024 Martin Schreiner <martin.schreiner@suse.com>
  - Add CVE-2024-1454.patch.
    Fix for CVE-2024-1454 / bsc#1219868.
* Wed Dec 13 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update to OpenSC 0.24.0:
    * Security
    - CVE-2023-40660: Fix Potential PIN bypass
      (#2806, frankmorgner/OpenSCToken#50, #2807)
    - CVE-2023-40661: Important dynamic analyzers reports
    - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption
      using symmetric keys (f1993dc)
    * General improvements
    - Fix compatibility of EAC with OpenSSL 3.0 (#2674)
    - Enable use_file_cache by default (#2501)
    - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
    - Fix record-based files (#2604)
    - Fix several race conditions (#2735)
    - Run tests under Valgrind (#2756)
    - Test signing of data bigger than 512 bytes (#2789)
    - Update to OpenPACE 1.1.3 (#2796)
    - Implement logout for some of the card drivers (#2807)
    - Fix wrong popup position of opensc-notify (#2901)
    - Fixed various issues reported by OSS-Fuzz and Coverity regarding card
      drivers, PKCS#11 and PKCS#15 init
    * PKCS#11
    - Check card presence state in C_GetSessionInfo (#2740)
    - Remove onepin-opensc-pkcs11 module (#2681)
    - Do not use colons in the token info label (#2760)
    - Present profile objects in all slots with the CKA_TOKEN attribute to
      resolve issues with NSS (#2928, #2924)
    - Use secure memory for PUK (#2906)
    - Don't logout to preserve concurrent access from different processes
      (#2907)
    - Add more examples to manual page (#2936)
    - Present profile objects in all virtual slots (#2928)
    - Provide CKA_TOKEN attribute for profile objects (#2924)
    - Improve --slot parameter documentation (#2951)
    * PKCS#15
    - Honor cache offsets when writing file cache (#2858)
    - Prevent needless amount of PIN prompts from pkcs15init layer (#2916)
    - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and
      back to PKCS#11 (#2936)
    * Minidriver
    - Fix for private keys that do not need a PIN (#2722)
    - Unbreak decipher when the first null byte of PKCS#1.5 padding is
      missing (#2939*
    * pkcs11-tool
    - Fix RSA key import with OpenSSL 3.0 (#2656)
    - Add support for attribute filtering when listing objects (#2687)
    - Add support for --private flag when writing certificates (#2768)
    - Add support for non-AEAD ciphers to the test mode (#2780)
    - Show CKA_SIGN attribute for secret keys (#2862)
    - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys
      (#2864, #2913)
    - Show Sign/VerifyRecover attributes (#2888)
    - Add option to import generic keys (#2955)
    * westcos-tool
    - Generate 2k RSA keys by default (b53fc5c)
    * pkcs11-register
    - Disable autostart on Linux by default (#2680)
    * IDPrime
    - Add support for IDPrime MD 830, 930 and 940 (#2666)
    - Add support for SafeNet eToken 5110 token (#2812)
    - Process index even without keyrefmap and use correct label for second
      PIN (#2878)
    - Add support for Gemalto IDPrime 940C (#2941)
    * EPass2003
    - Change of PIN requires verification of the PIN (#2759)
    - Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
    - Use true random number for mutual authentication for SM (#2766)
    - Add verification of data coming from the token in the secure messaging
      mode (#2772)
    - Avoid success when using unsupported digest and fix data length for RAW
      ECDSA signatures (#2845)
    * OpenPGP
    - Fix select data command (#2753, issue #2752)
    - Unbreak ed/curve25519 support (#2892)
    * eOI
    - Add support for Slovenian eID card (eOI) (#2646)
    * Italian CNS
    - Add support for IDEMIA (Oberthur) tokens (#2483)
    * PIV
    - Add support for Swissbit iShield FIDO2 Authenticator (#2671)
    - Implement PIV secure messaging (#2053)
    * SkeID
    - Add support for Slovak eID cards (#2672)
    * isoApplet
    - Support ECDSA with off-card hashing (#2642)
    * MyEID
    - Fix WRAP operation when using T0 (#2695)
    - Identify changes on the card and enable use_file_cache (#2798)
    - Workaround for unwrapping using 2K RSA key (#2921)
    * SC-HSM
    - Add support for opensc-tool --serial (#2675)
    - Fix unwrapping of 4096 keys with handling reader limits (#2682)
    - Indicate supported hashes and MGF1s (#2827)
  - Remove patches:
    * opensc-CVE-2023-40660-1of2.patch
    * opensc-CVE-2023-40660-2of2.patch
    * opensc-CVE-2023-40661-1of12.patch
    * opensc-CVE-2023-40661-2of12.patch
    * opensc-CVE-2023-40661-3of12.patch
    * opensc-CVE-2023-40661-4of12.patch
    * opensc-CVE-2023-40661-5of12.patch
    * opensc-CVE-2023-40661-6of12.patch
    * opensc-CVE-2023-40661-7of12.patch
    * opensc-CVE-2023-40661-8of12.patch
    * opensc-CVE-2023-40661-9of12.patch
    * opensc-CVE-2023-40661-10of12.patch
    * opensc-CVE-2023-40661-11of12.patch
    * opensc-CVE-2023-40661-12of12.patch
    * opensc-CVE-2023-4535.patch
    * opensc-CVE-2023-2977.patch
    * opensc-NULL_pointer_fix.patch
* Fri Oct 06 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-40661, bsc#1215761]
    * opensc: multiple memory issues with pkcs15-init (enrollment tool)
    * Add patches:
    - opensc-CVE-2023-40661-1of12.patch
    - opensc-CVE-2023-40661-2of12.patch
    - opensc-CVE-2023-40661-3of12.patch
    - opensc-CVE-2023-40661-4of12.patch
    - opensc-CVE-2023-40661-5of12.patch
    - opensc-CVE-2023-40661-6of12.patch
    - opensc-CVE-2023-40661-7of12.patch
    - opensc-CVE-2023-40661-8of12.patch
    - opensc-CVE-2023-40661-9of12.patch
    - opensc-CVE-2023-40661-10of12.patch
    - opensc-CVE-2023-40661-11of12.patch
    - opensc-CVE-2023-40661-12of12.patch
* Thu Oct 05 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-4535, bsc#1215763]
    * Add patches:
    - opensc-CVE-2023-4535.patch
    - opensc-NULL_pointer_fix.patch
* Wed Oct 04 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-40660, bsc#1215762]
    * opensc: PIN bypass when card tracks its own login state
    * Add patches:
    - opensc-CVE-2023-40660-1of2.patch
    - opensc-CVE-2023-40660-2of2.patch
* Thu Jun 01 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-2977, bsc#1211894]
    * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
    * Add opensc-CVE-2023-2977.patch
* Tue Nov 29 2022 Michael Ströder <michael@stroeder.com>
  - Update to OpenSC 0.23.0:
    * General improvements
    - Support signing of data with a length of more than 512 bytes (#2314)
    - By default, disable support for old card drivers (#2391) and remove
      support for old drivers MioCOS and JCOP (#2374)
    - Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
    - Compatibility with LibreSSL (#2495, #2595)
    - Remove support for DSA (#2503)
    - Extend p11test to support symmetric keys (#2430)
    - Notice detached reader on macOS (#2418)
    - Support for OAEP padding (#2475, #2484)
    - Fix for PSS salt length (#2478)
    - Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
    - Fixed various issues reported by OSS-Fuzz and Coverity regarding
      card drivers, PKCS#11 and PKCS#15 init
    - Fix issues with OpenPACE (#2472)
    - Containers support for local testing
    - Add support for encryption and decryption using symmetric keys (#2473, #2607)
    - Stop building support for Gost algorithms with OpenSSL 3.0 as they
      require deprecated API (#2586)
    - Fix detection of disconnected readers in PCSC (#2600)
    - Add configuration option for on-disk caching of private data (#2588)
    - Skip building empty binaries when dependencies are missing and
      remove needless linking (#2617)
    - Define arm64 as a supported architecture in the Installer package (#2610)
    * PKCS#11
    - Implement C_CreateObject for EC keys and fix signature verification
      for CKM_ECDSA_SHAx cards (#2420)
    * pkcs11-tool
    - Add more elliptic curves (#2301)
    - Add support for symmetric encrypt and decrypt, wrap and unwrap operations,
      and initialization vector (#2268)
    - Fix consistent handling of secret key attributes (#2497)
    - Add support for signing and verifying with HMAC (#2385)
    - Add support for SHA3 (#2467)
    - Make object selectable via label (#2570)
    - Do not require an R/W session for some operations and
      add --session-rw option (#2579)
    - Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and
      serial number for certificates (#2644, #2643, #2641)
    - Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)
    * sc-hsm-tool
    - Add options for public key authentication (#2301)
    * Minidriver
    - Fix reinit of the card (#2525)
    - Add an entry for Italian CNS (e) (#2548)
    - Fix detection of ECC mechanisms (#2523)
    - Fix ATRs before adding them to the windows registry (#2628)
    * NQ-Applet
    - Add support for the JCOP4 Cards with NQ-Applet (#2425)
    * ItaCNS
    - Add support for ItaCMS v1.1 (key length 2048) (#2371)
    * Belpic
    - Add support for applet v1.8 (#2455)
    * Starcos
    - Add ATR for V3.4 (#2464)
    - Add PKCS#15 emulator for 3.x cards with eSign app (#2544)
    * ePass2003
    - Fix PKCS#15 initialization (#2403)
    - Add support for FIPS (#2543)
    - Fix matching with newer versions and tokens initialized with OpenSC (#2575)
    * MyEID
    - Support logout operation (#2557)
    - Support for symmetric encryption and decryption (#2473, #2607)
    * GIDS
    - Fix decipher for TPM (#1881)
    * OpenPGP
    - Get the list of supported algorithms from algorithm information
      on the card (#2287)
    - Support for 3 certificates with OpenPGP 3+ (#2103)
    * nPA
    - Fix card detection (#2463)
    * Rutoken
    - Fix formatting rtecp cards (#2599)
    * PIV
    - Add new PIVKey ATRs for current cards (#2602)
* Mon Oct 04 2021 Daniel Donisa <daniel.donisa@suse.com>
  - Update to OpenSC 0.22.0:
    * Removed changes in opensc-gcc11.patch already present in upstream.
    - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda
    * Removed some false positives from the openrc-rpmlintrc file.
    * Use standard paths for file cache on Linux (#2148) and OSX (#2214)
    * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
    * Add threading test to `pkcs11-tool` (#2067)
    * Add support to generate generic secret keys (#2140)
    * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
    * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
    * Support for gcc11 and its new strict aliasing rules (#2241, #2260)
    * Initial support for building with OpenSSL 3.0 (#2343)
    * pkcs15-tool: Write data objects in binary mode (#2324)
    * Avoid limited size of log messages (#2352)
    * Support for ECDSA verification (#2211)
    * Support for ECDSA with different SHA hashes (#2190)
    * Prevent issues in p11-kit by not returning unexpected return codes (#2207)
    * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
    * Standardize the version 2 on 2.20 in the code (#2096)
    * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE  (#2176)
    * Copy arguments of C_Initialize (#2350)
    * Fix RSA-PSS signing (#2234)
    * Fix DO deletion (#2215)
    * Add support for (X)EdDSA keys (#1960)
    * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
    * Add support for applet version 4 (#2332)
    * New configuration option for opensc.conf to disable pkcs1_padding (#2193)
    * Add support for ECDSA with different hashes (#2190)
    * Enable more mechanisms (#2178)
    * Fixed asking for a user pin when formatting a card (#1737)
    * Added support for French CPx Healthcare cards (#2217)
    * Added ATR for new CardOS 5.4 version (#2296)
    * Fixes security issues:
    * tcos: use after return (bsc#1192005, CVE-2021-42780)
    * oberthur: use after free (bsc#1191992, CVE-2021-42779)
    * oberthur: multiple heap buffer overflows (bsc#1192000,
      CVE-2021-42781)
    * multiple stack buffer overflow issues (bsc#1191957,
      CVE-2021-42782)
* Sun Jun 27 2021 Predrag Ivanović <predivan@mts.rs>
  - Fix build on GCC11
    * Add opensc-gcc11.patch from Fedora
      (https://github.com/OpenSC/OpenSC/pull/2241/)
* Fri Mar 12 2021 Dirk Müller <dmueller@suse.com>
  - move licenses to licensedir

Files

/etc/eac/cvc/DESCHSMCVCA00001
/etc/eac/cvc/DESRCACC100001
/etc/opensc.conf
/etc/pkcs11
/etc/pkcs11/modules
/etc/pkcs11/modules/opensc.module
/usr/bin/cardos-tool
/usr/bin/cryptoflex-tool
/usr/bin/dnie-tool
/usr/bin/dtrust-tool
/usr/bin/egk-tool
/usr/bin/eidenv
/usr/bin/gids-tool
/usr/bin/goid-tool
/usr/bin/iasecc-tool
/usr/bin/netkey-tool
/usr/bin/npa-tool
/usr/bin/openpgp-tool
/usr/bin/opensc-asn1
/usr/bin/opensc-explorer
/usr/bin/opensc-tool
/usr/bin/piv-tool
/usr/bin/pkcs11-register
/usr/bin/pkcs11-tool
/usr/bin/pkcs15-crypt
/usr/bin/pkcs15-init
/usr/bin/pkcs15-tool
/usr/bin/sc-hsm-tool
/usr/bin/westcos-tool
/usr/lib/libopensc.la
/usr/lib/libopensc.so.11
/usr/lib/libopensc.so.11.0.2
/usr/lib/libsmm-local.la
/usr/lib/libsmm-local.so
/usr/lib/libsmm-local.so.11
/usr/lib/libsmm-local.so.11.0.2
/usr/lib/onepin-opensc-pkcs11.so
/usr/lib/opensc-pkcs11.la
/usr/lib/opensc-pkcs11.so
/usr/lib/pkcs11
/usr/lib/pkcs11-spy.la
/usr/lib/pkcs11-spy.so
/usr/lib/pkcs11/onepin-opensc-pkcs11.so
/usr/lib/pkcs11/opensc-pkcs11.so
/usr/lib/pkcs11/pkcs11-spy.so
/usr/lib/pkgconfig/opensc-pkcs11.pc
/usr/share/applications/org.opensc.notify.desktop
/usr/share/doc/packages/opensc
/usr/share/doc/packages/opensc/NEWS
/usr/share/doc/packages/opensc/README
/usr/share/doc/packages/opensc/files.html
/usr/share/doc/packages/opensc/opensc.conf
/usr/share/doc/packages/opensc/tools.html
/usr/share/licenses/opensc
/usr/share/licenses/opensc/COPYING
/usr/share/man/man1/cardos-tool.1.gz
/usr/share/man/man1/cryptoflex-tool.1.gz
/usr/share/man/man1/dnie-tool.1.gz
/usr/share/man/man1/dtrust-tool.1.gz
/usr/share/man/man1/egk-tool.1.gz
/usr/share/man/man1/eidenv.1.gz
/usr/share/man/man1/gids-tool.1.gz
/usr/share/man/man1/goid-tool.1.gz
/usr/share/man/man1/iasecc-tool.1.gz
/usr/share/man/man1/netkey-tool.1.gz
/usr/share/man/man1/npa-tool.1.gz
/usr/share/man/man1/openpgp-tool.1.gz
/usr/share/man/man1/opensc-asn1.1.gz
/usr/share/man/man1/opensc-explorer.1.gz
/usr/share/man/man1/opensc-notify.1.gz
/usr/share/man/man1/opensc-tool.1.gz
/usr/share/man/man1/piv-tool.1.gz
/usr/share/man/man1/pkcs11-register.1.gz
/usr/share/man/man1/pkcs11-tool.1.gz
/usr/share/man/man1/pkcs15-crypt.1.gz
/usr/share/man/man1/pkcs15-init.1.gz
/usr/share/man/man1/pkcs15-tool.1.gz
/usr/share/man/man1/sc-hsm-tool.1.gz
/usr/share/man/man1/westcos-tool.1.gz
/usr/share/man/man5/opensc.conf.5.gz
/usr/share/man/man5/pkcs15-profile.5.gz
/usr/share/opensc
/usr/share/opensc/asepcos.profile
/usr/share/opensc/authentic.profile
/usr/share/opensc/cardos.profile
/usr/share/opensc/cyberflex.profile
/usr/share/opensc/entersafe.profile
/usr/share/opensc/epass2003.profile
/usr/share/opensc/flex.profile
/usr/share/opensc/gids.profile
/usr/share/opensc/ias_adele_admin1.profile
/usr/share/opensc/ias_adele_admin2.profile
/usr/share/opensc/ias_adele_common.profile
/usr/share/opensc/iasecc.profile
/usr/share/opensc/iasecc_admin_eid.profile
/usr/share/opensc/iasecc_generic_oberthur.profile
/usr/share/opensc/iasecc_generic_pki.profile
/usr/share/opensc/isoApplet.profile
/usr/share/opensc/muscle.profile
/usr/share/opensc/myeid.profile
/usr/share/opensc/oberthur.profile
/usr/share/opensc/openpgp.profile
/usr/share/opensc/pkcs15.profile
/usr/share/opensc/rutoken.profile
/usr/share/opensc/rutoken_ecp.profile
/usr/share/opensc/rutoken_lite.profile
/usr/share/opensc/sc-hsm.profile
/usr/share/opensc/setcos.profile
/usr/share/opensc/starcos.profile


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Jul 10 23:39:11 2024